Ticket #1207 (closed defect: duplicate)

Opened 12 months ago

Last modified 7 months ago

Security issue: JSON client<->server communication

Reported by: Jani Laakso Owned by: Marc Englund
Priority: undefined Milestone: User Interface Library 5.2.0 RC
Component: gwt-adapter-client Version: 5.0.0-pre
Keywords: Cc:
Known Issue description:
Hours estimate: Deadline (dd.mm.yyyy):
Known Issue version (since): Known Issue title:
Hours done: Depends to:
Affects documentation: no
Known Issue workaround:
Affects release notes: yes Contract:

Description

Jossain browsereissa voi ylikirjoittaa javascript-error handlerin, joten rikkinäisen JSONin lähettäminen saattaa sittenkin olla turvaongelma. Pieni bugi, mutta helppo korjata.

CommunicationManager?.java, rivi 291

")/*{" -> "for(;;);"

LIsäksi taitaa JSONista puuttua viimeinen kaarisulku.

Vaatii myös muutoksen ApplicationConnection?.java -luokkaan riville 195.

(en ole kokeillut korjausta, mutta kannattaa laittaa traciin, koska on helppoa korjata)

- joonas

Change History

Changed 9 months ago by Joonas Lehtinen

  • milestone set to User Interface Library 5.1.1

Changed 9 months ago by Joonas Lehtinen

  • priority changed from major to undefined

Changed 9 months ago by Marc Englund

  • status changed from new to closed
  • resolution set to duplicate

Duplicates #1247

Changed 7 months ago by Joonas Lehtinen

  • milestone changed from User Interface Library 5.1.2 to User Interface Library 5.2.0

Milestone User Interface Library 5.1.2 deleted

Note: See TracTickets for help on using tickets.